In case you didn’t already see my post over on the WordPress Development Blog, rest assured that WordPress is safe from the recently announced PHPXMLRPC worm. Some of the articles about this worm point to old information indicating that WP 1.5 is vulnerable, but that is incorrect. Versions 1.2.x and earlier are in danger, however. So if you have any older WP installations, you should upgrade them immediately, or delete the xmlrpc class files as indicated in the post I made on the main WP site.
WordPress 1.5.x safe from XML-RPC wormRelated posts:
- WordPress 2.8.1 Coming Soon
"Right on the heels of version 2.8, we will be seeing a WordPress 2.8.1 release soon. There are several minor bugfixes in so far, mostly..." - Important: Upgrade to WordPress 2.1.2
" In the interest of getting the word out as quickly and as widely as possible, a brief word about a new WordPress release: If..." - WordPress 2.0.3 Released
" The wee hours of the morning saw the release of WordPress 2.0.3. This release fixes a few bugs that have been identified in the..." - WordPress Security
" Last week, some reports came out about security bugs in WordPress. The development team has been working to clean these up, and a WordPress..." - WordPress 1.5 “Strayhorn” released
" The latest and greatest version of WordPress is out. WordPress 1.5 (the “Strayhorn” release*) has more new features than you can shake a stick..."















2 Comments
There is something going on that is effecting WordPress sites, though. All of my WordPress sites were down a couple days ago. My host fixed it but they didn’t say what the issue was.
I’ve seen this on other WordPress sites over the last couple days. For example, Matt’s site seems to be having similar problems at the time of this writing. In Safari, I see an error like this: Safari can’t open the page “http://photomatt.net/â€. The error was: “lost network connection†(NSURLErrorDomain:-1005). FireFox just shows a blank page.
From the command line, I see: $ curl -v http://photomatt.net/
* About to connect() to photomatt.net port 80
* Trying 72.36.230.250… * connected
* Connected to photomatt.net (72.36.230.250) port 80
> GET / HTTP/1.1
User-Agent: curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7g zlib/1.2.3
Host: photomatt.net
Pragma: no-cache
Accept: */*
* Empty reply from server
* Connection #0 to host photomatt.net left intact
curl: (52) Empty reply from server
* Closing connection #0
When my sites were down, I could get to any of my static pages, but anything WordPress gave errors like those above.
Any idea what’s going on?
Thanks for the info. That the bad thing about the web, rumor and incorrect info gets passed around like wildfire.
2 Trackbacks
[...] WordPress ist ab der Version 1.5 absolut sicher vor diesem neuen Wurm, ist auf Dougal Gunters.org zu lesen. Weniger sicher ist derzeit wieder einmal Windows. Es ist wirklich dringend Datenrettung angesagt. Microsoft gibt wieder einmal zu, dass sein System schlicht knackbar ist. … bis zum nächsten Microsoft Alarm:Datenrettung! [...]
[...] Other WordPress News more » Alex King: Should I Host Another WordPress Theme Competition?Dougal Campbell: WordPress 1.5.x safe from XML-RPC wormWeblog Tools Collection: Feedburner Launches Ad NetworkMatt: Customize Yahoo MapsWeblog Tools Collection: Opinion: Is open source a bubble ready to burst?Dev Blog: Don’t Panic! WordPress Is SecureWeblog Tools Collection: WP Theme: SquibleMatt: Plazes on WPWeblog Tools Collection: Top100Bloggers.com SuccessWeblog Tools Collection: Web Logs (sic) go to schoolMike Little: Happy Birthday JanWeblog Tools Collection: If You Want to Lead, BlogWeblog Tools Collection: Topix.net Tagged NewsWeblog Tools Collection: Add Video to Google Talk and SkypeMatt: Go AmazonRyan Boren: Bug HuntWeblog Tools Collection: Connections Reloaded 1.2 releasedWeblog Tools Collection: Star Shaped ThemesWeblog Tools Collection: HOW TO: Boost Your Blog TrafficScripty Goddess: Published… offline [...]